1SYSTEMD.RESOURCE-CONTROL(5)systemd.resource-controlSYSTEMD.RESOURCE-CONTROL(5)
2
6 systemd.resource-control - Resource control unit settings
7
9 slice.slice, scope.scope, service.service, socket.socket, mount.mount,
10 swap.swap
11
13 Unit configuration files for services, slices, scopes, sockets, mount
14 points, and swap devices share a subset of configuration options for
15 resource control of spawned processes. Internally, this relies on the
16 Control Groups kernel concept for organizing processes in a
17 hierarchical tree of named groups for the purpose of resource
18 management.
19 This man page lists the configuration options shared by those six unit
21 types. See systemd.unit(5) for the common options of all unit
22 configuration files, and systemd.slice(5), systemd.scope(5),
23 systemd.service(5), systemd.socket(5), systemd.mount(5), and
24 systemd.swap(5) for more information on the specific unit configuration
25 files. The resource control configuration options are configured in the
26 [Slice], [Scope], [Service], [Socket], [Mount], or [Swap] sections,
27 depending on the unit type.
28 See the New Control Group Interfaces[1] for an introduction on how to
30 make use of resource control APIs from programs.
31
33 Units of the types listed above can have settings for resource control
34 configuration:
35 CPUAccounting=
37 Turn on CPU usage accounting for this unit. Takes a boolean
38 argument. Note that turning on CPU accounting for one unit will
39 also implicitly turn it on for all units contained in the same
40 slice and for all its parent slices and the units contained
41 therein. The system default for this setting may be controlled with
42 DefaultCPUAccounting= in systemd-system.conf(5).
43 CPUShares=weight, StartupCPUShares=weight
45 Assign the specified CPU time share weight to the processes
46 executed. These options take an integer value and control the
47 "cpu.shares" control group attribute. The allowed range is 2 to
48 262144. Defaults to 1024. For details about this control group
49 attribute, see sched-design-CFS.txt[2]. The available CPU time is
50 split up among all units within one slice relative to their CPU
51 time share weight.
52 While StartupCPUShares= only applies to the startup phase of the
54 system, CPUShares= applies to normal runtime of the system, and if
55 the former is not set also to the startup phase. Using
56 StartupCPUShares= allows prioritizing specific services at boot-up
57 differently than during normal runtime.
58 These options imply "CPUAccounting=true".
60 CPUQuota=
62 Assign the specified CPU time quota to the processes executed.
63 Takes a percentage value, suffixed with "%". The percentage
64 specifies how much CPU time the unit shall get at maximum, relative
65 to the total CPU time available on one CPU. Use values > 100% for
66 allotting CPU time on more than one CPU. This controls the
67 "cpu.cfs_quota_us" control group attribute. For details about this
68 control group attribute, see sched-design-CFS.txt[2].
69 Example: CPUQuota=20% ensures that the executed processes will
71 never get more than 20% CPU time on one CPU.
72 Implies "CPUAccounting=true".
74 MemoryAccounting=
76 Turn on process and kernel memory accounting for this unit. Takes a
77 boolean argument. Note that turning on memory accounting for one
78 unit will also implicitly turn it on for all units contained in the
79 same slice and for all its parent slices and the units contained
80 therein. The system default for this setting may be controlled with
81 DefaultMemoryAccounting= in systemd-system.conf(5).
82 MemoryLimit=bytes
84 Specify the limit on maximum memory usage of the executed
85 processes. The limit specifies how much process and kernel memory
86 can be used by tasks in this unit. Takes a memory size in bytes. If
87 the value is suffixed with K, M, G or T, the specified memory size
88 is parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with
89 the base 1024), respectively. If assigned the special value
90 "infinity" no memory limit is applied. This controls the
91 "memory.limit_in_bytes" control group attribute. For details about
92 this control group attribute, see memory.txt[3].
93 Implies "MemoryAccounting=true".
95 TasksAccounting=
97 Turn on task accounting for this unit. Takes a boolean argument. If
98 enabled, the system manager will keep track of the number of tasks
99 in the unit. The number of tasks accounted this way includes both
100 kernel threads and userspace processes, with each thread counting
101 individually. Note that turning on tasks accounting for one unit
102 will also implicitly turn it on for all units contained in the same
103 slice and for all its parent slices and the units contained
104 therein. The system default for this setting may be controlled with
105 DefaultTasksAccounting= in systemd-system.conf(5).
106 TasksMax=N
108 Specify the maximum number of tasks that may be created in the
109 unit. This ensures that the number of tasks accounted for the unit
110 (see above) stays below a specific limit. This either takes an
111 absolute number of tasks or a percentage value that is taken
112 relative to the configured maximum number of tasks on the system.
113 If assigned the special value "infinity", no tasks limit is
114 applied. This controls the "pids.max" control group attribute. For
115 details about this control group attribute, see pids.txt[4].
116 Implies "TasksAccounting=true". The system default for this setting
118 may be controlled with DefaultTasksMax= in systemd-system.conf(5).
119 BlockIOAccounting=
121 Turn on Block IO accounting for this unit. Takes a boolean
122 argument. Note that turning on block IO accounting for one unit
123 will also implicitly turn it on for all units contained in the same
124 slice and all for its parent slices and the units contained
125 therein. The system default for this setting may be controlled with
126 DefaultBlockIOAccounting= in systemd-system.conf(5).
127 BlockIOWeight=weight, StartupBlockIOWeight=weight
129 Set the default overall block IO weight for the executed processes.
130 Takes a single weight value (between 10 and 1000) to set the
131 default block IO weight. This controls the "blkio.weight" control
132 group attribute, which defaults to 500. For details about this
133 control group attribute, see blkio-controller.txt[5]. The available
134 IO bandwidth is split up among all units within one slice relative
135 to their block IO weight.
136 While StartupBlockIOWeight= only applies to the startup phase of
138 the system, BlockIOWeight= applies to the later runtime of the
139 system, and if the former is not set also to the startup phase.
140 This allows prioritizing specific services at boot-up differently
141 than during runtime.
142 Implies "BlockIOAccounting=true".
144 BlockIODeviceWeight=device weight
146 Set the per-device overall block IO weight for the executed
147 processes. Takes a space-separated pair of a file path and a weight
148 value to specify the device specific weight value, between 10 and
149 1000. (Example: "/dev/sda 500"). The file path may be specified as
150 path to a block device node or as any other file, in which case the
151 backing block device of the file system of the file is determined.
152 This controls the "blkio.weight_device" control group attribute,
153 which defaults to 1000. Use this option multiple times to set
154 weights for multiple devices. For details about this control group
155 attribute, see blkio-controller.txt[5].
156 Implies "BlockIOAccounting=true".
158 BlockIOReadBandwidth=device bytes, BlockIOWriteBandwidth=device bytes
160 Set the per-device overall block IO bandwidth limit for the
161 executed processes. Takes a space-separated pair of a file path and
162 a bandwidth value (in bytes per second) to specify the device
163 specific bandwidth. The file path may be a path to a block device
164 node, or as any other file in which case the backing block device
165 of the file system of the file is used. If the bandwidth is
166 suffixed with K, M, G, or T, the specified bandwidth is parsed as
167 Kilobytes, Megabytes, Gigabytes, or Terabytes, respectively, to the
168 base of 1000. (Example:
169 "/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0 5M"). This
170 controls the "blkio.read_bps_device" and "blkio.write_bps_device"
171 control group attributes. Use this option multiple times to set
172 bandwidth limits for multiple devices. For details about these
173 control group attributes, see blkio-controller.txt[5].
174 Implies "BlockIOAccounting=true".
176 DeviceAllow=
178 Control access to specific device nodes by the executed processes.
179 Takes two space-separated strings: a device node specifier followed
180 by a combination of r, w, m to control reading, writing, or
181 creation of the specific device node(s) by the unit (mknod),
182 respectively. This controls the "devices.allow" and "devices.deny"
183 control group attributes. For details about these control group
184 attributes, see devices.txt[6].
185 The device node specifier is either a path to a device node in the
187 file system, starting with /dev/, or a string starting with either
188 "char-" or "block-" followed by a device group name, as listed in
189 /proc/devices. The latter is useful to whitelist all current and
190 future devices belonging to a specific device group at once. The
191 device group is matched according to file name globbing rules, you
192 may hence use the "*" and "?" wildcards. Examples: /dev/sda5 is a
193 path to a device node, referring to an ATA or SCSI block device.
194 "char-pts" and "char-alsa" are specifiers for all pseudo TTYs and
195 all ALSA sound devices, respectively. "char-cpu/*" is a specifier
196 matching all CPU related device groups.
197 DevicePolicy=auto|closed|strict
199 Control the policy for allowing device access:
200 strict
202 means to only allow types of access that are explicitly
203 specified.
204 closed
206 in addition, allows access to standard pseudo devices including
207 /dev/null, /dev/zero, /dev/full, /dev/random, and /dev/urandom.
208 auto
210 in addition, allows access to all devices if no explicit
211 DeviceAllow= is present. This is the default.
212 Slice=
214 The name of the slice unit to place the unit in. Defaults to
215 system.slice for all non-instantiated units of all unit types
216 (except for slice units themselves see below). Instance units are
217 by default placed in a subslice of system.slice that is named after
218 the template name.
219 This option may be used to arrange systemd units in a hierarchy of
221 slices each of which might have resource settings applied.
222 For units of type slice, the only accepted value for this setting
224 is the parent slice. Since the name of a slice unit implies the
225 parent slice, it is hence redundant to ever set this parameter
226 directly for slice units.
227 Delegate=
229 Turns on delegation of further resource control partitioning to
230 processes of the unit. For unprivileged services (i.e. those using
231 the User= setting) this allows processes to create a subhierarchy
232 beneath its control group path. For privileged services and scopes
233 this ensures the processes will have all control group controllers
234 enabled.
235
237 systemd(1), systemd.unit(5), systemd.service(5), systemd.slice(5),
238 systemd.scope(5), systemd.socket(5), systemd.mount(5), systemd.swap(5),
239 systemd.directives(7), systemd.special(7), The documentation for
240 control groups and specific controllers in the Linux kernel:
241 cgroups.txt[7], cpuacct.txt[8], memory.txt[3], blkio-controller.txt[5].
242
244 1. New Control Group Interfaces
245 http://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface/
246 2. sched-design-CFS.txt
248 https://www.kernel.org/doc/Documentation/scheduler/sched-design-CFS.txt
249 3. memory.txt
251 https://www.kernel.org/doc/Documentation/cgroups/memory.txt
252 4. pids.txt
254 https://www.kernel.org/doc/Documentation/cgroup-v1/pids.txt
255 5. blkio-controller.txt
257 https://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt
258 6. devices.txt
260 https://www.kernel.org/doc/Documentation/cgroups/devices.txt
261 7. cgroups.txt
263 https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt
264 8. cpuacct.txt
266 https://www.kernel.org/doc/Documentation/cgroups/cpuacct.txt
267systemd 219 SYSTEMD.RESOURCE-CONTROL(5)